package com.neusoft.elmboot.config;

import com.neusoft.elmboot.common.constant.IgnoreConstant;
import com.neusoft.elmboot.filter.JwtFilter;
import com.neusoft.elmboot.filter.JwtLoginFilter;
import com.neusoft.elmboot.handler.CustomAccessDeniedHandler;
import com.neusoft.elmboot.service.impl.MyUserDetailServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("myUserDetailsService")
    private MyUserDetailServiceImpl userDetailService;

    @Autowired
    private CustomAccessDeniedHandler customAccessDeniedHandler;

    @Bean
    public PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailService)
                .passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/upload/**","/geneCode","/css/**", "/js/**",
                        "/business/listBusinessByOrderTypeId",
                        "/CartController/listCart",
                        "/business/detail",
                        "/foods/listFoodByBusinessId",
                        "/CartController/saveCart",
                        "/CartController/updateCart",
                        "/DeliveryAddressController/listDeliveryAddressByUserId",
                        "/DeliveryAddressController/saveDeliveryAddress",
                        "/OrdersController/createOrders",
                        "/OrdersController/getOrdersById",
                        "/payment/mobliePayment",
                        "/payment/returnUrl"
                );
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(IgnoreConstant.IGNORE_AUTHORIZE_URLS).permitAll()
                .anyRequest().authenticated()
                .and().cors().and()
                .formLogin().loginProcessingUrl("users/login")
                .usernameParameter("userName").and()
                .addFilterBefore(new JwtLoginFilter("/users/login",authenticationManager()), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JwtFilter(),UsernamePasswordAuthenticationFilter.class)
                .csrf().disable();
        //登录失败处理的逻辑
        http.exceptionHandling().accessDeniedHandler(customAccessDeniedHandler);


    }
}
